Luke Taylor (Migrated from SEC-1245) said:
role-based expressions should be able to automatically be able to make use of a role hierarchy. Allowing one to be injected into DefaultWebSecurityExpressionHandler et al and making use of it (if present) in the SecurityExpressionRoot hasRole() methods will make this possible.
Luke Taylor said:
Both DefaultMethodSecurityExpressionHandler and DefaultWebSecurityExpressionHandler now support the injection of a RoleHierarchy implementation. This will be set on the SecurityExpressionRoot class and used during evaluation of the hasRole() and hasAnyRole() methods.